DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 09/09/2025 has been entered.
Response to Amendment
The amendment filed 09/09/2025 has been entered. Claims 1-11 remain pending in the application.
Response to Arguments
Applicant’s arguments, filed 09/09/2025, with respect to the rejections of claims 1 and 10-11 under 103 have been fully considered and are persuasive because of the amendments. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Jain et al. (2018/0359084) in view of Matsumoto et al. (US Pub. 2019/0147361) and further in view of Perrine et al. (US Pub. 2015/0143105).
Applicant’s arguments, filed 09/09/2025, with respect to the rejections of claim 7 under 103 have been fully considered and are persuasive because of the amendments. Therefore, the rejection has been withdrawn.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
Claims 7-9 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 7 recites the limitation of “the learned model” in line 5. There is insufficient antecedent basis for this limitation in the claim.
Claims 8-9 are rejected for being dependent on a rejected base claim, namely claim 7.
Appropriate correction is required.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1 and 10-11 are rejected under 35 U.S.C. 103 as being unpatentable over Jain et al. (US Pub. 2018/0359084) in view of Matsumoto et al. (US Pub. 2019/0147361) and further in view of Perrine et al. (US Pub. 2015/0143105).
As per claim 1, Jain teaches an inference apparatus [Fig. 3, client system 302] comprising:
a processor which executes a process, wherein the process includes [Fig. 3 shows the process of analyzing data between the client system and the server system, and it can be seen that the client system comprises a processor to process data in either encrypted or decrypted form sent from the server]:
determining whether encrypted learned model in which the learned model is encrypted, has been input [Fig. 3, paragraph 0094, “the server system 304 provides the client system 302 with an intermediate model”; paragraph 0007, “The client system may process the intermediate results, in either encrypted or decrypted form”],
when the encrypted learned model is input [paragraph 0007, “The client system may process the intermediate results, in either encrypted or decrypted form”; Fig. 3, paragraph 0094, “the server system 304 provides the client system 302 with an intermediate model. The intermediate model is encrypted … the encrypted final model may be sent back to the client system”; It can be seen that the client system received the encrypted learned model from the server];
decrypting the encrypted learned model [Fig. 3, paragraph 0094, “the client system 302 may decrypt the model”],
performing inference by using the decrypted learned model [Fig. 3, paragraph 0094, “The client system 302 may decrypt the final model and use the model to process data”], and
the information representing contents of the learned model, the information including at least one of a network structure, a weight and a bias of the learned model [paragraph 0094, “the server system 304 provides the client system 302 with an intermediate model. The intermediate model is encrypted … the client system 302 may round one or more weights within the intermediate model”; paragraph 0050, “The client system may decrypt the intermediate model using the decryption key and perform rounding on various weights of the model”; It can be seen that the contents of the learned model comprise at least one or more weights];
Jain in Fig. 4, paragraph 0096 also teaches a display unit 410.
Jain does not explicitly teach
when the learned model that is not encrypted is input;
performing inference by using the learned model, and
displaying information representing contents of the learned model on a display device, the information including at least one of a network structure, a weight and a bias of the learned model,
when the encrypted learned model is input: decrypting … stopping the process of displaying the information representing contents of the learned model on the display device (emphasis added).
Matsumoto teaches
when the learned model that is not encrypted is input [paragraph 0068, “provide the learned model optimal for use by user side device 3”];
performing inference by using the learned model [paragraph 0043, “When receiving the use request including the use purpose from user side device 3, server device 2 selects the learned model … and transmits the selected learned model to user side device 3”; paragraph 0051, “User side device 3 is a general computer device and is used for performing image analysis processing, new machine learning, and the like using the learned model provided from server device 2”], and
displaying information representing contents of the learned model on a display device, the information including at least one of a network structure, a weight and a bias of the learned model [paragraph 0066, “When user side device 3 receives the model information and the advisability of the selected learned model from server device 2, user side device 3 displays a screen indicating the received information on display 33”; paragraph 0019, “model information that is at least one information of a function and a generation environment of the selected learned model is presented to the user side device”; paragraph 0039, “An aggregate of the weight values between the nodes on which the learning process is completed is called a "learned model"”; paragraphs 0046-0050, “The model information includes saved model information, generation environment information, and necessary resource information”; Since Jain in paragraph 0094 teaches the contents of the learned model comprising one or more weight, and Matsumoto teaches the learned model is provided to the user device, the information of the learned model comprising weight values is displayed by the user device when the user device receives the learned model that is not encrypted from the server, therefore, the combination of Jain and Matsumoto teaches the above claim limitation].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have modified the method for secure data analysis using encrypted data of Jain to include when the learned model that is not encrypted is input, performing inference and displaying information representing contents of the learned model of Matsumoto. Doing so would help viewing, confirming the received model information, and determining if the learned model to be used by the client device (Matsumoto, 0066).
Jain and Matsumoto do not teach
when the encrypted learned model is input: decrypting … stopping the process of displaying the information representing contents of the learned model on the display device;
Perrine teaches
when the encrypted learned model is input: decrypting … stopping the process of displaying the information representing contents of the learned model on the display device [Fig. 2, paragraphs 0037-0044, discloses a process of receiving network encrypted content, decrypting the network encrypted content to obtain the clear content, then instead of displaying the clear content, the clear content is encrypted using local control word, and providing the locally encrypted content; Examiner interprets the process of encrypting the clear content as stopping displaying the content. Since Jain in Fig. 3, paragraphs 0007 and 0094 teaches the client system may process model data sent from the server that is in either encrypted or decrypted form, when the encrypted data is received/input, the client system decrypting the encrypted data and performing inference by using the decrypted data, while Perrine teaches when the encrypted data is received/input, decrypting the encrypted data, and encrypting the decrypted data using the local control word. The process of encrypting the decrypted data is interpreted as stopping the process of displaying the information representing contents, because when data is encrypted, even if those encrypted is presented on the display device, other users cannot view the information representing contents, therefore, the combination Jain and Perrine teaches the above claim limitation];
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have modified the method for secure data analysis using encrypted data of Jain to include when the encrypted data is received, decrypting the encrypted data, and stopping the process of displaying the information representing contents of Perrine. Doing so would help preventing the interception and sharing of the control word (Perrine, 0034).
As per claim 10, Jain teaches an inference method executed by a processor [Fig. 4, abstract, “methods, and computer-executable instructions for secure data analysis using encrypted data”], the inference method comprising:
a process executed by the processor including[Fig. 3 shows the process of analyzing data between the client system and the server system, and it can be seen that the client system comprises a processor to process data in either encrypted or decrypted form sent from the server]:
determining whether encrypted learned model in which the learned model is encrypted, has been input [Fig. 3, paragraph 0094, “the server system 304 provides the client system 302 with an intermediate model”; paragraph 0007, “The client system may process the intermediate results, in either encrypted or decrypted form”],
when the encrypted learned model is input [paragraph 0007, “The client system may process the intermediate results, in either encrypted or decrypted form”; Fig. 3, paragraph 0094, “the server system 304 provides the client system 302 with an intermediate model. The intermediate model is encrypted … the encrypted final model may be sent back to the client system”; It can be seen that the client system received the encrypted learned model from the server];
decrypting the encrypted learned model [Fig. 3, paragraph 0094, “the client system 302 may decrypt the model”],
performing inference by using the decrypted learned model [Fig. 3, paragraph 0094, “The client system 302 may decrypt the final model and use the model to process data”], and
the information representing contents of the learned model, the information including at least one of a network structure, a weight and a bias of the learned model [paragraph 0094, “the server system 304 provides the client system 302 with an intermediate model. The intermediate model is encrypted … the client system 302 may round one or more weights within the intermediate model”; paragraph 0050, “The client system may decrypt the intermediate model using the decryption key and perform rounding on various weights of the model”; It can be seen that the contents of the learned model comprise at least one or more weighs];
Jain in Fig. 4, paragraph 0096 also teaches a display unit 410.
Jain does not explicitly teach
when the learned model that is not encrypted is input;
performing inference by using the learned model, and
displaying information representing contents of the learned model on a display device, the information including at least one of a network structure, a weight and a bias of the learned model,
when the encrypted learned model is input: decrypting … stopping the process of displaying the information representing contents of the learned model on the display device (emphasis added).
Matsumoto teaches
when the learned model that is not encrypted is input [paragraph 0068, “provide the learned model optimal for use by user side device 3”];
performing inference by using the learned model [paragraph 0043, “When receiving the use request including the use purpose from user side device 3, server device 2 selects the learned model … and transmits the selected learned model to user side device 3”; paragraph 0051, “User side device 3 is a general computer device and is used for performing image analysis processing, new machine learning, and the like using the learned model provided from server device 2”], and
displaying information representing contents of the learned model on a display device, the information including at least one of a network structure, a weight and a bias of the learned model [paragraph 0066, “When user side device 3 receives the model information and the advisability of the selected learned model from server device 2, user side device 3 displays a screen indicating the received information on display 33”; paragraph 0019, “model information that is at least one information of a function and a generation environment of the selected learned model is presented to the user side device”; paragraph 0039, “An aggregate of the weight values between the nodes on which the learning process is completed is called a "learned model"”; paragraphs 0046-0050, “The model information includes saved model information, generation environment information, and necessary resource information”; Since Jain in paragraph 0094 teaches the contents of the learned model comprising one or more weight, and Matsumoto teaches the learned model is provided to the user device, the information of the learned model comprising weight values is displayed by the user device when the user device receives the learned model that is not encrypted from the server, therefore, the combination of Jain and Matsumoto teaches the above claim limitation].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have modified the method for secure data analysis using encrypted data of Jain to include when the learned model that is not encrypted is input, performing inference and displaying information representing contents of the learned model of Matsumoto. Doing so would help viewing, confirming the received model information, and determining if the learned model to be used by the client device (Matsumoto, 0066).
Jain and Matsumoto do not teach
when the encrypted learned model is input: decrypting … stopping the process of displaying the information representing contents of the learned model on the display device;
Perrine teaches
when the encrypted learned model is input: decrypting … stopping the process of displaying the information representing contents of the learned model on the display device [Fig. 2, paragraphs 0037-0044, discloses a process of receiving network encrypted content, decrypting the network encrypted content to obtain the clear content, then instead of displaying the clear content, the clear content is encrypted using local control word, and providing the locally encrypted content; Examiner interprets the process of encrypting the clear content as stopping displaying the content. Since Jain in Fig. 3, paragraphs 0007 and 0094 teaches the client system may process model data sent from the server that is in either encrypted or decrypted form, when the encrypted data is received/input, the client system decrypting the encrypted data and performing inference by using the decrypted data, while Perrine teaches when the encrypted data is received/input, decrypting the encrypted data, and encrypting the decrypted data using the local control word. The process of encrypting the decrypted data is interpreted as stopping the process of displaying the information representing contents, because when data is encrypted, even if those encrypted is presented on the display device, other users cannot view the information representing contents, therefore, the combination Jain and Perrine teaches the above claim limitation];
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have modified the method for secure data analysis using encrypted data of Jain to include when the encrypted data is received, decrypting the encrypted data, and stopping the process of displaying the information representing contents of Perrine. Doing so would help preventing the interception and sharing of the control word (Perrine, 0034).
As per claim 11, Jain teaches a non-transitory computer-readable recording medium storing therein an inference program for causing a processor to execute an inference process [paragraph 0100, “a computer-readable storage media or machine-readable storage media may include any medium that is capable of storing, encoding, or carrying instructions for execution”; Fig. 3 shows the process of analyzing data between the client system and the server system, and it can be seen that the client system comprises a processor to process data], the process comprising:
determining whether encrypted learned model in which the learned model is encrypted, has been input [Fig. 3, paragraph 0094, “the server system 304 provides the client system 302 with an intermediate model”; paragraph 0007, “The client system may process the intermediate results, in either encrypted or decrypted form”],
when the encrypted learned model is input [paragraph 0007, “The client system may process the intermediate results, in either encrypted or decrypted form”; Fig. 3, paragraph 0094, “the server system 304 provides the client system 302 with an intermediate model. The intermediate model is encrypted … the encrypted final model may be sent back to the client system”; It can be seen that the client system received the encrypted learned model from the server];
decrypting the encrypted learned model [Fig. 3, paragraph 0094, “the client system 302 may decrypt the model”],
performing inference by using the decrypted learned model [Fig. 3, paragraph 0094, “The client system 302 may decrypt the final model and use the model to process data”], and
the information representing contents of the learned model, the information including at least one of a network structure, a weight and a bias of the learned model [paragraph 0094, “the server system 304 provides the client system 302 with an intermediate model. The intermediate model is encrypted … the client system 302 may round one or more weights within the intermediate model”; paragraph 0050, “The client system may decrypt the intermediate model using the decryption key and perform rounding on various weights of the model”; It can be seen that the contents of the learned model comprise at least one or more weighs];
Jain in Fig. 4, paragraph 0096 also teaches a display unit 410.
Jain does not explicitly teach
outputting information representing contents of a learned model of a neural network, wherein the information includes at least one of a network structure, a weight and a bias of the learned model,
when the learned model that is not encrypted is input;
performing inference by using the learned model, and
displaying information representing contents of the learned model on a display device, the information including at least one of a network structure, a weight and a bias of the learned model,
when the encrypted learned model is input: decrypting … stopping the process of displaying the information representing contents of the learned model on the display device (emphasis added).
Matsumoto teaches
outputting information representing contents of a learned model of a neural network, wherein the information includes at least one of a network structure, a weight and a bias of the learned model [paragraph 0066, “When user side device 3 receives the model information and the advisability of the selected learned model from server device 2, user side device 3 displays a screen indicating the received information on display 33”; paragraph 0019, “model information that is at least one information of a function and a generation environment of the selected learned model is presented to the user side device”; paragraph 0039, “An aggregate of the weight values between the nodes on which the learning process is completed is called a "learned model"”; paragraphs 0046-0050, “The model information includes saved model information, generation environment information, and necessary resource information”; Since Jain in paragraph 0094 teaches the contents of the learned model comprising one or more weight, and Matsumoto teaches the learned model is provided to the user device, the information of the learned model comprising weight values is displayed by the user device when the user device receives the learned model from the server, therefore, the combination of Jain and Matsumoto teaches the above claim limitation],
when the learned model that is not encrypted is input [paragraph 0068, “provide the learned model optimal for use by user side device 3”];
performing inference by using the learned model [paragraph 0043, “When receiving the use request including the use purpose from user side device 3, server device 2 selects the learned model … and transmits the selected learned model to user side device 3”; paragraph 0051, “User side device 3 is a general computer device and is used for performing image analysis processing, new machine learning, and the like using the learned model provided from server device 2”], and
displaying information representing contents of the learned model on a display device, the information including at least one of a network structure, a weight and a bias of the learned model [paragraph 0066, “When user side device 3 receives the model information and the advisability of the selected learned model from server device 2, user side device 3 displays a screen indicating the received information on display 33”; paragraph 0019, “model information that is at least one information of a function and a generation environment of the selected learned model is presented to the user side device”; paragraph 0039, “An aggregate of the weight values between the nodes on which the learning process is completed is called a "learned model"”; paragraphs 0046-0050, “The model information includes saved model information, generation environment information, and necessary resource information”; Since Jain in paragraph 0094 teaches the contents of the learned model comprising one or more weight, and Matsumoto teaches the learned model is provided to the user device, the information of the learned model comprising weight values is displayed by the user device when the user device receives the learned model that is not encrypted from the server, therefore, the combination of Jain and Matsumoto teaches the above claim limitation].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have modified the method for secure data analysis using encrypted data of Jain to include when the learned model that is not encrypted is input, performing inference and displaying information representing contents of the learned model of Matsumoto. Doing so would help viewing, confirming the received model information, and determining if the learned model to be used by the client device (Matsumoto, 0066).
Jain and Matsumoto do not teach
when the encrypted learned model is input: decrypting … stopping the process of displaying the information representing contents of the learned model on the display device;
Perrine teaches
when the encrypted learned model is input: decrypting … stopping the process of displaying the information representing contents of the learned model on the display device [Fig. 2, paragraphs 0037-0044, discloses a process of receiving network encrypted content, decrypting the network encrypted content to obtain the clear content, then instead of displaying the clear content, the clear content is encrypted using local control word, and providing the locally encrypted content; Examiner interprets the process of encrypting the clear content as stopping displaying the content. Since Jain in Fig. 3, paragraphs 0007 and 0094 teaches the client system may process model data sent from the server that is in either encrypted or decrypted form, when the encrypted data is received/input, the client system decrypting the encrypted data and performing inference by using the decrypted data, while Perrine teaches when the encrypted data is received/input, decrypting the encrypted data, and encrypting the decrypted data using the local control word. The process of encrypting the decrypted data is interpreted as stopping the process of displaying the information representing contents, because when data is encrypted, even if those encrypted is presented on the display device, other users cannot view the information representing contents, therefore, the combination Jain and Perrine teaches the above claim limitation];
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have modified the method for secure data analysis using encrypted data of Jain to include when the encrypted data is received, decrypting the encrypted data, and stopping the process of displaying the information representing contents of Perrine. Doing so would help preventing the interception and sharing of the control word (Perrine, 0034).
Claims 2-5 are rejected under 35 U.S.C. 103 as being unpatentable over Jain et al. in view of Matsumoto et al. in view of Perrine et al. and further in view of Kono et al. (JP2003-208406 – Applicant provided IDS).
As per claim 2, Jain, Matsumoto and Perrine teach the inference apparatus according to claim 1.
Jain teaches
a learning apparatus that generates a learned model [Fig. 3, paragraph 0094, disclose the final model (learned model) is generated by the server system and the encrypted final model is sent to the client system],
decrypting the encrypted learned model, upon input of the encrypted learned model [Fig. 3, paragraph 0094, “Eventually, a specified number of iterations or a precision of the model is reached. At this point, the model is considered the final model. At 330, the encrypted final model may be sent back to the client system 302. The client system 302 may decrypt the final model and use the model to process data”; paragraph 0025, “provide prediction on some new data”];
Jain, Matsumoto and Perrine do not teach
transmitting an issuance request of license information including a first device identifier for identifying a device included in the inference apparatus to a learning apparatus that generates a learned model,
acquiring license information including the first device identifier from the learning apparatus, and
the decrypting process executed by the processor further including
decrypting the encrypted learned model, upon input of the encrypted learned model, when the first device identifier and a second device identifier for identifying any one device included in the inference apparatus match with each other.
Kono teaches
transmitting an issuance request of license information including a first device identifier for identifying a device included in the inference apparatus to a learning apparatus that generates a learned model [paragraphs 0039-0041, “first, software created by a provider is encapsulated by the center 130, and a capsule 300 is generated … Next, the user obtains the capsule 300 … Then, the user connects the IC card 200, and activates the obtained capsule 300 on the PC 110 … Upon receiving the capsule 300 activation command, the PC 110 communicates with the IC card 200 according to the command, and passes authentication data to the IC card 200. Then, authentication is performed by the IC card 200 executing the authentication step. If authentication is successful, a decryption key for decrypting the software is sent from the IC card 200 to the PC 110”; paragraph 0044, “First, the PC 110 that has activated the capsule activation program 311 transmits authentication data of the capsule 300 to the IC card 200. The authentication data here includes a user ID and a password”; paragraphs 0035-0038, “The user authentication unit 201b authenticates that the user is the owner of the IC card 200 based on the user ID and password sent from the PC 110. The software use right authentication unit 201 c authenticates that the owner of the IC card 200 has the right to use the software in the capsule 300 based on the software use right authentication data 313 … When use of the capsule 300 is permitted by each of the above authentication units, the information is sent to the IC card time update unit 202 and the decryption key decryption unit 203 … The decryption key decryption unit 203 decrypts the encrypted decryption key 315 … Then, the decrypted decryption key is transferred to the PC 110”; paragraph 0030 “The software usage right authentication data 313 stores information for authenticating the usage right corresponding to the user when the user authentication is successful”; It can be seen that the PC 110 requests license information regarding the right of use the capsule 300 by providing authentication data that include a user ID and a password to the IC card 200 which is delivered from a center 130, the software use right authentication unit determines whether the user of the IC card 200 has the right to use the software in the capsule 300 based on the software use right authentication data 313. And since the system stores the information for authenticating the usage right associated with the user when authentication is successful, the license information regarding the right of use includes a device identifier],
acquiring license information including the first device identifier from the learning apparatus [paragraph 0044, “First, the PC 110 that has activated the capsule activation program 311 transmits authentication data of the capsule 300 to the IC card 200. The authentication data here includes a user ID and a password”; paragraphs 0035-0038, “The user authentication unit 201b authenticates that the user is the owner of the IC card 200 based on the user ID and password sent from the PC 110. The software use right authentication unit 201 c authenticates that the owner of the IC card 200 has the right to use the software in the capsule 300 based on the software use right authentication data 313 … When use of the capsule 300 is permitted by each of the above authentication units, the information is sent to the IC card time update unit 202 and the decryption key decryption unit 203 … The decryption key decryption unit 203 decrypts the encrypted decryption key 315 … Then, the decrypted decryption key is transferred to the PC 110”; paragraph 0030 “The software usage right authentication data 313 stores information for authenticating the usage right corresponding to the user when the user authentication is successful”; paragraph 0022, “The service providing unit 12 of the service providing apparatus 10 provides a service to the user only when the use permission response is received. Here, the use permission response is information necessary for using the service”; It can be seen that when use of the capsule 300 is permitted, the system provides license information regarding the right of use the capsule 300 by sending information including the decrypted decryption key from the IC card 200 to the PC 110/user], and
the decrypting process executed by the processor further including
decrypting the encrypted learned model, upon input of the encrypted learned model, when the first device identifier and a second device identifier for identifying any one device included in the inference apparatus match with each other [paragraphs 0029, 0035-0041, “The user authentication unit 201b authenticates that the user is the owner of the IC card 200 based on the user ID and password sent from the PC 110. The software use right authentication unit 201 c authenticates that the owner of the IC card 200 has the right to use the software in the capsule 300 based on the software use right authentication data 313 … When use of the capsule 300 is permitted by each of the above authentication units, the information is sent to the IC card time update unit 202 and the decryption key decryption unit 203 … The decryption key decryption unit 203 decrypts the encrypted decryption key 315 … Then, the decrypted decryption key is transferred to the PC 110 … The PC 110 decrypts the software 320 encrypted with the received decryption key, and executes the software in plain text”; paragraph 0030 “The software usage right authentication data 313 stores information for authenticating the usage right corresponding to the user when the user authentication is successful”; since the system stores the information for authenticating the usage right associated with the user when authentication is successful, and to requests license information regarding the right of use the capsule 300, the user providing authentication data that include a user ID and a password to the system, it can be seen that the system authenticates that the user has the right to use the software when the provided ID match the stored information for authenticating the usage right associated with the user].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have modified the method for secure data analysis using encrypted data of Jain to include a process of transmitting an issuance request of license information including a first device identifier for identifying a device included in the inference apparatus to a learning apparatus, acquiring license information, and decrypting the encrypted learned model of Kono. Doing so would help executing the software in plain text (Kono, 0041).
As per claim 3, Jain, Matsumoto, Perrine and Kono teach the inference apparatus according to claim 2.
Kono further teaches
the license information further includes a decryption key for decrypting the encrypted learned model [paragraphs 0035-0038, “The user authentication unit 201b authenticates that the user is the owner of the IC card 200 based on the user ID and password sent from the PC 110. The software use right authentication unit 201 c authenticates that the owner of the IC card 200 has the right to use the software in the capsule 300 based on the software use right authentication data 313 … When use of the capsule 300 is permitted by each of the above authentication units, the information is sent to the IC card time update unit 202 and the decryption key decryption unit 203 … The decryption key decryption unit 203 decrypts the encrypted decryption key 315 … Then, the decrypted decryption key is transferred to the PC 110”; It can be seen that when use of the capsule 300 is permitted, the system provides license information regarding the right of use the capsule 300 by sending information including the decrypted decryption key from the IC card 200 to the PC 110/user], and
the decrypting process executed by the processor further including
decrypting the encrypted learned model by using the decryption key [paragraphs 0035-0041, “When use of the capsule 300 is permitted by each of the above authentication units, the information is sent to the IC card time update unit 202 and the decryption key decryption unit 203 … The decryption key decryption unit 203 decrypts the encrypted decryption key 315 … Then, the decrypted decryption key is transferred to the PC 110 … The PC 110 decrypts the software 320 encrypted with the received decryption key, and executes the software in plain text”].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have modified the method for secure data analysis using encrypted data of Jain to include the license information further includes a decryption key for decrypting the encrypted learned model, and decrypting the encrypted learned model by using the decryption key of Kono. Doing so would help executing the software in plain text (Kono, 0041).
As per claim 4, Jain, Matsumoto, Perrine and Kono teach the inference apparatus according to claim 2.
Kono further teaches
the license information further includes an expiration date of the encrypted learned model [paragraph 0030, “The authentication data in the header section 310 includes software authentication data 312, software usage right authentication data 313, expiration date authentication data 314, and an encrypted decryption key 315. The software authentication data 312 includes, for example, a software identifier (ID) and a provider signature. The software usage right authentication data 313 stores information for authenticating the usage right corresponding to the user when the user authentication is successful. The expiration date authentication data 314 is data indicating the expiration date of the encrypted software 320. The encrypted decryption key 315 is a decryption key for decrypting the capsule 300”; paragraph 0037, “When use of the capsule 300 is permitted by each of the above authentication units, the information is sent to the IC card time update unit”], and
the decrypting process executed by the processor further including
decrypting the encrypted learned model, when a time at a time of decrypting the encrypted learned model is within the expiration date [paragraphs 0035-0041, “When use of the capsule 300 is permitted by each of the above authentication units, the information is sent to the IC card time update unit 202 and the decryption key decryption unit 203 … The decryption key decryption unit 203 decrypts the encrypted decryption key 315 … Then, the decrypted decryption key is transferred to the PC 110 … The PC 110 decrypts the software 320 encrypted with the received decryption key, and executes the software in plain text”; paragraphs 0052-0053, “For example, when a capsule in which an expiration date for one month from July 1, 1997 (expiration start time: July 1, 1997, expiration date: July 31, 1997) is executed, an IC card As the time, a time after July 1, 1997 is always set. Then, after that, it is not possible to execute a capsule whose expiration date is before June 30, 1997”; It can be seen that if a capsule in which an expiration date end time is June 30, then it is not possible to execute the capsule from July 1; paragraph 0020-0021; “the service provider sets the expiration date data 20 corresponding to each service. Then, the user who wants to receive the provision of the specific service sends the expiration date data 20 corresponding to the specific service to the authentication device 30 … In the authentication device 30 that has received the expiration date data 20, the authentication unit 32 compares the authentication time in the authentication time storage unit 31 with the expiration date, and the authentication time is a time before the expiration date. In such a case, a use permission response is sent to the service providing apparatus 10”].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have modified the method for secure data analysis using encrypted data of Jain to include the license information further includes an expiration date of the encrypted learned model, decrypting the encrypted learned model, when a time at a time of decrypting the encrypted learned model is within the expiration date of Kono. Doing so would help decrypting the software with the decryption key, and executing the software in plain text (Kono, 0041).
As per claim 5, Jain, Matsumoto, Perrine and Kono teach the inference apparatus according to claim 2.
Kono further teaches
a connection interface that is detachably connected to a processing apparatus that stores therein the license information [Fig. 2, paragraph 0039, “first, software created by a provider is encapsulated by the center 130, and a capsule 300 is generated; paragraphs 0026-0030, “The capsule 300 includes a header part 310 and encrypted software 320 … The authentication data in the header section 310 includes software authentication data 312, software usage right authentication data 313, etc., The software usage right authentication data 313 stores information for authenticating the usage right corresponding to the user when the user authentication is successful … The IC card 200 is delivered to the user from a center 130 … By connecting the IC card 200 to the reader / writer 140, the user can perform authentication regarding the right to use the software acquired from the center 130”; paragraph 0041, “Upon receiving the capsule 300 activation command, the PC 110 communicates with the IC card 200 according to the command, and passes authentication data to the IC card 200. Then, authentication is performed by the IC card 200 executing the authentication step”; examiner interprets the center 130 which including the capsule 300 as a processing apparatus that stores therein the license information regarding the right of use the capsule 300 and comprises the IC card 200 which is delivered to the user from a center 130, and interprets the reader / writer 140 as a connection interface that is detachably connected to the IC card 200 so that the user can perform authentication regarding the right to use the software], wherein
the acquiring process executed by the processor further including acquiring license information from the processing apparatus, when the processing apparatus is connected to the connection interface [paragraphs 0026-0027, “The IC card 200 is delivered to the user from a center 130 that has received a request from the provider … By connecting the IC card 200 to the reader / writer 140, the user can perform authentication regarding the right to use the software acquired from the center 130”; paragraphs 0035-0038, “The user authentication unit 201b authenticates that the user is the owner of the IC card 200 based on the user ID and password sent from the PC 110. The software use right authentication unit 201 c authenticates that the owner of the IC card 200 has the right to use the software in the capsule 300 based on the software use right authentication data 313 … When use of the capsule 300 is permitted by each of the above authentication units, the information is sent to the IC card time update unit 202 and the decryption key decryption unit 203 … The decryption key decryption unit 203 decrypts the encrypted decryption key 315 … Then, the decrypted decryption key is transferred to the PC 110”; It can be seen that the center 130 delivers the IC card 200 to the user and connects the IC card 200 to the reader / writer 140 to perform authentication regarding the right to use the software, and when use of the capsule 300 is permitted, the system provides license information regarding the right of use the capsule 300 by sending information including the decrypted decryption key from the IC card 200 to the PC 110/user].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have modified the method for secure data analysis using encrypted data of Jain to include a connection interface that is detachably connected to a processing apparatus, and acquiring license information from the processing apparatus, when the processing apparatus is connected to the connection interface of Kono. Doing so would help decrypting the software with the decryption key, and executing the software in plain text (Kono, 0041).
Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Jain et al. in view of Matsumoto et al. in view of Perrine et al. and further in view of Gomez et al. (US Pub. 2020/0036510).
As per claim 6, Jain, Matsumoto and Perrine teach the inference apparatus according to claim 1.
Jain teaches
the encrypted learned model [Fig. 3, paragraph 0094, disclose the final model (learned model) is generated by the server system and the encrypted final model is sent to the client system],
Jain, Matsumoto and Perrine do not teach
the encrypted learned model is attached with an encryption identifier for identifying whether the learned model has been encrypted, and
the determining process executed by the processor further including
determining whether the encrypted learned model has been input, by referring to the encryption identifier.
Gomez teaches
the encrypted learned model is attached with an encryption identifier for identifying whether the learned model has been encrypted [claim 7, “an identifier associated with the encrypted NN model”], and
determining whether the encrypted learned model has been input, by referring to the encryption identifier [paragraph 0095, “the computing system receives the encrypted inference with an identifier for the NN used for the inference. The computing system uses the identifier to determine which NN and which private key to use to decrypt the encrypted inference”; paragraph 0034, “The terms neural network, neural network model, and model are used interchangeably”].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have modified the method for secure data analysis using encrypted data of Jain to include the encrypted learned model is attached with an encryption identifier, and determining whether the encrypted learned model has been input, by referring to the encryption identifier of Gomez. Doing so would help determining which NN and which private key to use to decrypt the encrypted inference (Gomez, 0095).
Allowable Subject Matter
Claims 7-9 would be allowable if rewritten such that the 112(b) rejections above were overcome.
The following is a statement of reasons for the indication of allowable subject matter:
Claim 7 is allowable for disclosing:
An inference apparatus comprising:
a connection interface detachably connected to a processing apparatus; and
a processor which executes a process, wherein the process includes:
determining whether first encrypted data, in which first data corresponding to a first operation of one or more layers included in the learned model is encrypted, has been input,
when the first data that is not encrypted is input;
performing inference by using the first data, and
displaying information representing contents of the first data on a display device, the information including at least one of a network structure, a weight and a bias of the first data,
when the first encrypted data is input;
decrypting the first encrypted data, and
performing inference by using the decrypted first data,
stopping the process of displaying the information representing contents of the first data on the display device, the information including at least one of a network structure, a weight and a bias of the first data, and
performing inference by performing the first operation by using the first data, and by causing the processing apparatus to perform a second operation of a layer excluding the one or more layers from the learned model, wherein
the processing apparatus memorizes therein second data corresponding to the second operation and performs the second operation by using the second data.
Paragraph 0121 in the specification of the current application recites (among others):
The first operation is an operation corresponding to the network structure, the weight, and the bias included in an input layer 710 to which data 701 to be inferred is input from an application, a convolutional layer 720, and from a convolutional layer 740 to an output layer 780. The second operation is an operation corresponding to the network structure, the weight, and the bias included in the layer 730 that includes from a pooling layer 731 to a pooling layer 733.
The closest references found
Jain et al. (US Pub. 2018/0359084) in Fig. 3, paragraph 0094 teaches a process of requesting and receiving a learned model from a server, wherein, the learned model comprises weight parameter.
Matsumoto et al. (US Pub. 2019/0147361) in paragraphs 0019 and 0039-0068, teaches a learned model is received by the user device, and the contents of the received learned model is displayed.
Perrine et al. (US Pub. 2015/0143105) in Fig. 2, paragraphs 0037-0044, teaches an encrypted data is received, decrypting the network encrypted data to obtain the clear data, then the clear data is encrypted.
Gomez et al. (US Pub. 2020/0036510) in paragraph 0010 teaches a process of generating an encrypted inference output using the encrypted input by computing the weighted sum and activation function at each layer (e.g., hidden and output layer).
However, the prior art of record does not teach or suggest, individually or in combination, the claim as a whole, especially the limitations:
when the first encrypted data is input;
decrypting the first encrypted data, and
performing inference by using the decrypted first data,
stopping the process of displaying the information representing contents of the first data on the display device, the information including at least one of a network structure, a weight and a bias of the first data, and
performing inference by performing the first operation by using the first data, and by causing the processing apparatus to perform a second operation of a layer excluding the one or more layers from the learned model, wherein
the processing apparatus memorizes therein second data corresponding to the second operation and performs the second operation by using the second data.
Therefore, the combination of features is considered to be allowable.
Claims 8-9 are considered to be allowable because they are dependent on claim 7.
Prior Art
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
Zhao et al. (US Patent 8,649,515) describes a method for controlled sharing of media data.
Majeti et al. (US Patent 9,331,972) describes a method for preventing the display the decrypted message in the inbox.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRI T NGUYEN whose telephone number is 571-272-0103. The examiner can normally be reached M-F, 8 AM-5 PM, (CT).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, OMAR FERNANDEZ can be reached at 571-272-2589. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/TRI T NGUYEN/Examiner, Art Unit 2128
/RYAN C VAUGHN/Primary Examiner, Art Unit 2125